ACCC Home Page ACADEMIC COMPUTING and COMMUNICATIONS CENTER
 

Symantec AntiVirus for Windows Vista, Version 10.2:
Download, Installation, and Usage Instructions

 

Symantec Endpoint Protection, SEP, is now the recommended antivirus for Windows Vista. It is easier to install and configure than SAV 10.2, and provides better protection.

Note added November, 2007: Using Internet E-Mail Autoprotect: When the ACCC first required the use of SSL for email connections, we told you that Symantec email scanning was not compatible with using the SSL protocol. That was true then, but it is fixed in Version 10.1.5 and higher. See Set Internet E-Mail Auto-Protect to Scan SSL Email below.

Symantec AntiVirus for Windows Vista provides protection against viruses and security risks for managed and unmanaged clients that run on Windows Vista (32-bit and 64-bit editions). Symantec AntiVirus clients that run on Windows Vista behave in generally the same manner as Symantec AntiVirus clients that run on other supported operating systems, such as Windows 2000/XP.

Note: For Windows Vista only: Symantec AntiVirus does not support migrating over existing or future versions of Symantec AntiVirus client on Windows Vista. You must uninstall all versions of Symantec AntiVirus client on Windows Vista before you install a new version of Symantec AntiVirus on Windows Vista.

 
   
 
     
Symantec AntiVirus for Windows Vista 10.2
 

What Symantec has to say about SAV for Windows Vista:

 
     
-- Key Features and Benefits
 
  • Allows advanced, enterprise-wide virus protection and monitoring from a single management console.
  • Real-time scanning capabilities automatically detect and remove spyware and adware that attempt to run or install on a machine.
  • Improved protection from spyware and adware, including:
    • Spyware repair enhancements automatically block spyware installation
    • Stealthed spyware detection and remediation
    • Improved spyware repairs for invasive risks
  • Effectively protects from spyware and adware.
  • Microsoft Windows Vista support.
  • Symantec tamper protection guards against unauthorized antivirus access and attacks, protecting users from viruses that attempt to disable security measures.
  • Integrated Web-based graphical reporting; compatible with Windows Vista

You can:

  • Establish and enforce antivirus security policies
  • Retrieve content updates, such as virus and security risk definitions
  • Control live viruses
  • Configure real-time scanning
  • Schedule virus and security risk scans
  • Analyze log events
  • Advanced, enterprise-wide virus protection and monitoring from a single management console
 
     
Symantec AntiVirus Client 32-Bit and 64-Bit Windows Vista Requirements
 
  • Windows Vista
  • 32-bit:
    • 512 MB RAM
    • 55 MB disk space
  • 64-bit:
    • 512 MB RAM
    • 70 MB disk space
    • Intel® processors that support Intel Extended Memory 64 Technology (Intel EM64T)
    • AMD® 64-bit Opteron™ and Athlon™ processors
 
     
-- New Features in SAV Version 10
 
  • Smart Scan, which is turned on by default: finds and searches files whose file extensions have been changed, presumably by viruses. For more information, see The SAV CE Client Guide, page 46.

  • Tamper Protection, which is also turned on by default and remains on, even when you turn off File System Auto-Protect. This protects the SAV program files from being changed by viruses and worms; it would be a useful thing for a virus or worm to disable your antivirus program. For more information, see The SAV CE Client Guide, page 47.

  • Positive actions for security risks such as adware and spyware, and inclusion of detection of security risks in all types of scans.
 
     
Miscellaneous Requirements for Version 10.2
 

In all cases, you "purchase" SAV/NAV from E-Sales. For all except the Windows server edition, you can download the software directly from E-Sales, at no cost.

  • Symantec AntiVirus for Windows Vista Managed Client also requires that specific ports are opened to permit communication between the managed clients, servers, Symantec System Center, and optional Symantec management components.
  • When you install Symantec AntiVirus for Windows Vista, the installation process automatically configures the Windows Firewall to allow exceptions for Symantec AntiVirus processes that require access to your network and the Internet.
  • If you run third-party firewall software, you must open the following ports yourself:
    • TCP 2967 - Allows communication between the Symantec System Center and Symantec AntiVirus clients and servers.
    • TCP 139 - Allows remote installation of Symantec AntiVirus clients.
    • UDP 38293 - Allows discovery of Symantec AntiVirus servers that manage your clients.
    • You should also permit Rtvscan.exe on all computers, Pds.exe on servers, and the Symantec System Center to send and receive traffic through your firewalls.
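
To confirm after installation that a machine is actually accepting traffic on the ports listed above, the following added example (not part of the original page or of Symantec's tooling) parses the output of `netstat -an`. The sample output is constructed, and which of the three ports a given machine listens on depends on its role, which this page does not spell out.

```python
import re

# Ports this page lists for third-party firewalls: (protocol, port) -> purpose.
REQUIRED = {
    ("TCP", 2967): "Symantec System Center <-> clients and servers",
    ("TCP", 139): "remote installation of clients",
    ("UDP", 38293): "discovery of managing servers",
}

# Constructed sample of `netstat -an` output, not captured from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2967           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49160     192.168.1.5:2967       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    [::]:5355              *:*
"""

# Proto, local address, local port, foreign address, optional state (UDP has none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def open_endpoints(netstat_text):
    """Return {(proto, port)} for LISTENING TCP sockets and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _addr, port, _remote, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # an outbound connection to port 2967 is not a local listener
        found.add((proto, int(port)))
    return found


def audit(netstat_text):
    """Map each required (proto, port) to True if this machine accepts traffic on it."""
    present = open_endpoints(netstat_text)
    return {key: key in present for key in REQUIRED}


if __name__ == "__main__":
    for (proto, port), ok in sorted(audit(SAMPLE_NETSTAT).items()):
        status = "listening" if ok else "not listening"
        print(f"{proto} {port:<6} {status:<14} {REQUIRED[(proto, port)]}")
```

A port that shows as listening here but is unreachable from the managing server points at the firewall rule rather than at SAV.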
 
     
1. Download Symantec AntiVirus for Windows
 

SAV CE 10 is no longer available through E-Sales. If you need it for some particular reason, send email to software@uic.edu.

 
     
2. Installing Symantec AntiVirus for Windows
 

You must uninstall all other antivirus software before you install Symantec AntiVirus 10.2, including previous versions of SAV if you have any installed. This is different from Version 10 SAV for other operating systems.

You must use an administrator account to install and set up Symantec Antivirus 10.2.

Under construction.

 
     
The Default Configuration and Actions
 

Configurations:

Regardless of which type of installation you choose, it appears that SAV ends up with its default configuration. You should probably check your configuration, which you should do anyway.

  1. Click on Configuration in the left pane in SAV.
  2. Then click on the type of scan you want to check below it.
  3. Click the Advanced button for the details of the configuration; the Action button for the actions.

The default configuration is:

  • All types of scans are turned on; these are: File System Auto-Protect, Internet Email, Lotus Notes Auto-protect, Microsoft Exchange Auto-Protect
  • All scans scan all files.
  • Auto-Protect: Configure -> File System Auto-Protect -> Advanced
    • Starts at system start
    • Runs on files when they are opened or modified
    • Turns itself back on after 30 minutes when you turn it off (say to install something)
    • Backs up files before attempting repair
    • Enables Threat Tracer
    • Turns on Heuristics -- searching for viruses and worms by their generic characteristics
    • Reminds you if you turn off your computer with a floppy in your floppy drive (Configure -> Auto-Protect -> Advanced -> Floppies)
  • Internet Email: Configure -> Internet E-mail Auto-Protect -> Advanced
    • Scans files inside compressed files
    • Uses Heuristics
    • Protects incoming and outgoing email, using POP3 or SMTP protocols. Turn it off if you use IMAP or SSL-protected POP or SMTP.
  • Microsoft Exchange: Configure -> Microsoft Exchange Auto-Protect -> Advanced
    • Scans files inside compressed files
  • And turns on Tamper Protection, which protects SAV and LiveUpdate from being tampered with by unauthorized sources. (Viruses have been known to break the antivirus program; that's a wise first step for them.)

Set Internet E-Mail Auto-Protect to Scan SSL Email

There is one thing that you should change:

  1. Open Symantec AntiVirus
  2. Click Configure -> Internet E-Mail Auto-Protect on the left hand side.
  3. Click Enable Internet E-mail Auto-Protect if it isn't already clicked.
  4. Click the Advanced button on the right. Click both Allow encrypted POP 3 connections and Allow encrypted SMTP connections.
  5. Replace the 110 for the POP3 port with 995, and replace the 25 for the SMTP port with either 587 (if you are using STARTTLS) or 465 (if you are using SSL and an alternate port). (The easiest thing to do might be to check your email program and see what you have set for your outgoing SMTP port.) SAV doesn't check the IMAP port, so it cannot check incoming IMAP email.
  6. Click OK, OK.
  7. Close SAV.

I think you have to restart SAV to change this option.

Actions:

When SAV finds a virus, worm, or expanded security threat -- spyware, adware and the like -- it has two actions that it can take. The first action is intended to fix the problem. It employs the second action when the first action fails.

The default actions are the same for each type of threat for each type of scan, but you can change the actions by scan or by file if you wish:

Configure -> Whichever scan you're interested in -> Auto-Protect -> Action

  • Worms, Viruses, and Macro Viruses:
    • First: Clean
    • Second: Quarantine
  • Expanded Security Threat - adware, dialers, hack tools, joke programs, remote access, spyware, trackware, others
    • First: Quarantine and clear any changes to the registry
    • Second: Leave alone but Log
 
     
4. Schedule Regular Full Scans and LiveUpdate
 

SAV's File System Auto-Protect inspects for expanded threats, for virus-like activity, and for known viruses and worms on a continuous basis as you read or write files. It will also remind you if you shut down your computer with a diskette in your floppy drive. The file system Auto-Protect will be started automatically every time you start Windows; you can see its yellow shield icon in the system tray on the Windows task bar at the bottom of your screen.

You shouldn't depend entirely on the file system Auto-Protect, however. You should schedule regular scans of your entire hard drive.

And, of course, you should update your virus definitions on a regular basis by scheduling LiveUpdate to run daily. (Daily is my recommendation; weekly and by hand every time there is a new virus or worm is the minimum. Daily is easier.)

 
     
-- Schedule Regular Automatic Full Scans
 
  1. Open Symantec AntiVirus: Start -> Programs -> Symantec Client Security -> Symantec AntiVirus Client or double-click on the gold shield icon in your Windows tray in the bottom right of your monitor screen.
  2. Click Scheduled Scans in the left pane of the window.
  3. If you reboot daily, you might use a startup scan, but the scan can get in the way of your using your computer. So, click New Scheduled Scan.
  4. Click the radio button beside Full Scan, and click Next >.
  5. Type a name and description for the scan in the appropriate boxes, then click Next >.
  6. Then click Options. In general, the default Options settings are just fine, but you might want to increase the scan's priority when your machine is idle -- That's under Throttling. (See figure 4.)
  7. Click Save Settings to save the settings for all Full Scans.
  8. Click OK, then Save.

SAV does not have to be running for a scheduled scan to run, but your computer does have to be on.

 
     
-- Schedule Regular LiveUpdates
 

You should also schedule LiveUpdate to run on a regular basis. In the past, I recommended running LiveUpdate weekly. Now it makes more sense to run it every day. Symantec still only updates a little more than weekly, but you don't want to wait longer than you need to get the updated virus definitions when a new virus or worm comes out.

The default is to run LiveUpdate weekly, Friday evening at 8 PM.

Your computer must be on and connected to the Internet to run LiveUpdate.

  1. In SAV, select File -> Schedule Updates..., and click Enable scheduled automatic updates. Then click the Schedule... button.
  2. These days it's best to run LiveUpdate daily and be sure to pick a time when your computer will be on and connected to the Internet. (See figure 3.)
  3. In the Virus Definition Update Schedule dialog, click Daily.
  4. Select a time for the update to start from the dropdown list. Late afternoon or evening is better, if your computer is connected to the Internet then, because that's when the updates are released.
  5. When you're finished, click OK, OK, and close SAV.
Figure 3: Scheduling Regular LiveUpdates in Windows (illustration of setting LiveUpdate up to run automatically)

Remember that your computer must be on and connected to the Internet to run LiveUpdate.

 
     
How to Tell if Auto-Protect Is Running
 

Reboot your computer to get Auto-Protect to start up.

You can tell when Auto-Protect is running because you'll see the gold shield in the Windows tray. (Lower right corner of the Windows monitor screen.) When Auto-Protect is turned off, the gold shield will have a red circle with a crossed line over it. (Not the red circle in the illustration below; that is just to help you find it.)

SAV's gold shield

Sometimes Auto-Protect will try to protect you from installing programs that you want to install. In this case, turn it off for a short period of time, while you install the program:

  • Right-click on the gold shield icon, and un-check Enable Auto-Protect. To turn it back on, right-click it again and check Enable Auto-Protect to select it.

  • Or in Symantec AntiVirus, in the left pane, click Configure, then Auto-Protect. In the right pane, uncheck Enable Auto-Protect. Recheck it to turn it back on.

Double-clicking on the gold shield is an alternate way to open SAV.

 
     
5. Run a Manual Scan in Windows
 

After you finish setting everything up, you should run your first manual scan.

Figure 4: Running a Manual Scan in Windows

  1. Open Symantec AntiVirus: Start -> Programs -> Symantec Client Security -> Symantec AntiVirus Client.
  2. Click Scan, then Quick Scan or Full Scan.
  3. Before you run the scan, click the Options button (lower right) to pick the scan options. The default settings will probably do; if you aren't going to be using the computer, you might want to increase the scan's priority when the computer is idle (Throttling).
  4. Click OK, then click Scan.
  • A Quick Scan scans system memory and all the common virus and security risk locations on your computer. (Available on unmanaged clients only.)
  • A Full Scan scans system memory, boot sector, and all attached drives, including network drives.
  • Custom user-defined Scan is limited to the files and folders that you specify.

You don't have to select the drives or files to search for Quick or Full Scans, though you can select files to skip. If you want to specify which files to scan, use User-defined Scan.

screen shot of Full Scan options
 
     
6. What to Do If SAV Finds a Virus
 

By default, SAV will try to clean up the virus from the infected file. If it's Auto-Protect or a manual scan that finds the file, it will offer the file to you if the first action fails.

If it's a scheduled scan and the first action fails, it will automatically execute the second action, which by default is to put it into Quarantine, where you won't accidentally access the file.

You can change these default settings to (1) delete the infected file when it's found, or (2) leave it alone and just log that you've found the virus, which is called "log only".

(Sorry, these pictures are from an old version; I don't have any viruses. And, no, I don't want any sent to me, thanks.)

When the clean action fails:

  1. Run LiveUpdate again: In SAV, File -> LiveUpdate, then follow the prompts. (If there is a new virus definition file, SAV might be able to clean up your file.)

  2. If the file is in Quarantine, in the left pane, click View, then click Quarantine.
    If it's the result of Auto-Protect or a manual scan, the worms, viruses, and security threats will be listed in a Results window (see below).


  3. Double-click on the name of the virus or right-click and select Properties to see what the virus is, where it is, what type it is, and the status of the first action (called Set on this window).


  4. Right-click on the name of the file you want to clean, and select Clean from the right-click menu.

  5. If SAV cleans your file, you're done. Well, you'll have to move the file back where it came from, and SAV won't remember where that is.

  6. If not, then right-click again and select either Delete Permanently or Move To Quarantine. (You should be cautious about deleting files; move them to quarantine and see whether the next virus update can clean them.)

To delete a file in Quarantine, do the same as above, only click the delete icon, a red X.

There is lots more in the Symantec AntiVirus Corporate Edition Client Guide, and it's totally readable. It's in Chapter 4, beginning at page 75.

 
     
Want to know more?
 

Use the SAV online help:

  • On the Help menu, click Help Topics.
  • On the right pane and in various dialog boxes, click the Help button for context sensitive help. (This is only available when there is something that you can do.)

For general information and documentation on NAV, visit the Symantec Security Response Page: http://www.symantec.com/avcenter/

To search for information about a specific virus: http://www.symantec.com/avcenter/vinfodb.html

And the SAV CE version 10 manuals, in PDF form. The comments on the usefulness of the documents are for people using the SAV Version 10 client as a stand-alone client, unmanaged, though the Client Guide is useful for everyone using SAV Version 10.

 


2008-8-21  ACCC Consultants